willow1975

Help!!

4 posts in this topic

My computer's been running real slow for quite some time now, and now my avg scanner came up with a trojan detected, I recall when I went into mega video the other day and got slightly fooled by the convincing image of a megavideo player that popped up in a new browser only to realise this was in fact a verification for a gamestar toolbar??? and now I cannot find to remove it, did not worry until today when avg has recognised this as a trojan....aarrgghh!!

Please help!!!

I shall post the scan results from malwarebyte's anti malware, promptly

 

for some reason i cannot run hijack this...

what shall i do now?

 

Malwarebytes' Anti-Malware 1.41

Database version: 3172

Windows 6.0.6002 Service Pack 2

 

2009-12-03 05:41:42

mbam-log-2009-12-03 (05-41-42).txt

 

Scan type: Quick Scan

Objects scanned: 89295

Time elapsed: 9 minute(s), 52 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

 

 

bitdefender scan results:

BitDefender QuickScan Beta 32-bit v0.9.8.2

------------------------------------------

 

Scan date: Thu Dec 03 05:58:15 2009

Machine ID: D265C43A

 

Warning: Low execution rights. Please run QuickScan/browser as Administrator.

 

 

No infection found.

---------------------

 

 

Processes

---------

<unsigned> ConfigFree Task tray menu 3168 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

<unsigned> TOSHIBA Flash Cards 3060 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

<unsigned> sv 3716 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

<unsigned> TOSHIBA Online Product Information 3572 C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

<unsigned> HijackThis 1072 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

<verified> AVG Tray Monitor 3576 C:\Program Files\AVG\AVG8\avgtray.exe

<verified> GoogleToolbarNotifier 3868 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

<verified> iTunesHelper Module 3828 C:\Program Files\iTunes\iTunesHelper.exe

<verified> Körbar fil för Kungen 3136 C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe

<verified> Firefox 5552 C:\Program Files\Mozilla Firefox\firefox.exe

<verified> Synaptics TouchPad Enhancements 1176 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

<verified> TOSHIBA Power Saver 3684 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

<verified> SmoothView 3688 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

<verified> Windows Defender User Interface 3228 C:\Program Files\Windows Defender\MSASCui.exe

<verified> Windows Sidpanelen 3952 C:\Program Files\Windows Sidebar\sidebar.exe

<verified> Utforskaren 2608 C:\Windows\Explorer.EXE

<verified> Registry Monitor 2764 C:\Windows\PixArt\PAC207\Monitor.exe

<verified> HD Audio Control Panel 3112 C:\Windows\RtHDVCpl.exe

<verified> COM Surrogate 4024 C:\Windows\system32\DllHost.exe

<verified> COM Surrogate 4928 C:\Windows\system32\DllHost.exe

<verified> Fönsterhanteraren för skrivbordet 2392 C:\Windows\system32\Dwm.exe

<verified> hkcmd Module 3164 C:\Windows\System32\hkcmd.exe

<verified> persistence Module 3240 C:\Windows\System32\igfxpers.exe

<verified> igfxsrvc Module 4328 C:\Windows\system32\igfxsrvc.exe

<verified> Motor för Schemaläggaren 2264 C:\Windows\system32\taskeng.exe

 

 

Network activity

----------------

Process firefox.exe (5552) connected on port 5050 (Yahoo Messenger) - webcs104.msg.ac4.yahoo.com

 

 

 

Autoruns and critical files

---------------------------

<unsigned> Google Desktop C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

<unsigned> QuickTime Task C:\Program Files\QuickTime\QTTask.exe

<unsigned> TOSHIBA Flash Cards C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

<unsigned> TOSHIBA Online Product Information C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

 

<verified> AVG Resident Shield Starter avgrsstx.dll

<verified> Adobe Acrobat SpeedLauncher C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

<verified> AVG Tray Monitor C:\Program Files\AVG\AVG8\avgtray.exe

<verified> AppleSyncNotifier C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

<verified> RealNetworks Scheduler C:\Program Files\Common Files\Real\Update_OB\realsched.exe

<verified> Google Desktop C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

<verified> GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

<verified> iTunesHelper Module C:\Program Files\iTunes\iTunesHelper.exe

<verified> Java Platform SE binary C:\Program Files\Java\jre6\bin\jusched.exe

<verified> getPlus® Helper C:\Program Files\NOS\bin\getPlus_Helper.dll

<verified> Nexus Personal C:\Program Files\Personal\bin\Personal.exe

<verified> Skype C:\Program Files\Skype\Phone\Skype.exe

<verified> System settings protector C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

<verified> Synaptics TouchPad Enhancements C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

<verified> TOSHIBA Power Saver C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

<verified> Vista Registration C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

<verified> SmoothView C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

<verified> Windows Defender User Interface C:\Program Files\Windows Defender\MSASCui.exe

<verified> Windows Sidpanelen C:\Program Files\Windows Sidebar\sidebar.exe

<verified> Registry Monitor C:\Windows\PixArt\PAC207\Monitor.exe

<verified> HD Audio Control Panel C:\Windows\RtHDVCpl.exe

<verified> Realtek Voice Manager C:\Windows\Skytel.exe

<verified> Bibliotek för gränssnittsläsare C:\Windows\System32\browseui.dll

<verified> hkcmd Module C:\Windows\System32\hkcmd.exe

<verified> persistence Module C:\Windows\System32\igfxpers.exe

<verified> igfxTray Module C:\Windows\system32\igfxtray.exe

<verified> Inloggningsprogrammet Userinit c:\windows\system32\userinit.exe

<verified> Webbplatsövervakare C:\Windows\System32\webcheck.dll

<verified> igfxdev Module igfxdev.dll

 

 

Browser plugins

---------------

<unsigned> Bonjour Namespace Provider C:\Program Files\Bonjour\mdnsNSP.dll

<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

<unsigned> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

<unsigned> OpenSSL Shared Library C:\Program Files\Mozilla Firefox\plugins\libdivx.dll

<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

<unsigned> OpenSSL Shared Library C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll

<unsigned> RealJukebox Netscape Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

<unsigned> 6.0.12.69 C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

 

<verified> Safe Search for Internet Explorer c:\program files\avg\avg8\avgssie.dll

<verified> AVG Security Toolbar c:\program files\avg\avg8\toolbar\ietoolbar.dll

<verified> Adobe PDF Helper for Internet Explorer c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll

<verified> WindowsLiveLogin.dll c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll

<verified> DivX Web Player version 1.5.0.52 C:\Program Files\DivX\DivX Web Player\npdivx32.dll

<verified> Fast Search c:\program files\google\google toolbar\component\fastsearch_b7c5ac242193bb3e.dll

<verified> Google Toolbar c:\program files\google\google toolbar\googletoolbar_32.dll

<verified> GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

<verified> Java Platform SE binary c:\program files\java\jre6\bin\jp2ssv.dll

<verified> Search Helper for Internet Explorer c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll

<verified> getplusplusadobe16249 C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

<verified> NPRuntime Script Plug-in Library for Java Depl C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

<verified> DivX Web Player version 1.5.0.52 C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll

<verified> Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

<verified> Nexus Personal Plug-Ins C:\Program Files\Personal\bin\np_prsnl.dll

<verified> RealPlayer LiveConnect-Enabled Plug-In C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

<verified> RealPlayer Download and Record Plugin for Internet c:\program files\real\realplayer\rpbrowserrecordplugin.dll

<verified> SBSD IE Protection C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

<verified> Windows Live Toolbar Core c:\program files\windows live\toolbar\wltcore.dll

<verified> Adobe® Flash® Player ActiveX Installer C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

<verified> getPlus+® C:\Windows\Downloaded Program Files\gp.ocx

<verified> Windows Presentation Foundation (WPF) plug-in for C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

<verified> NPSWF32.dll C:\Windows\System32\Macromed\Flash\NPSWF32.dll

<verified> Tjänstprovider för Microsoft Windows Sockets 2.0 C:\Windows\System32\mswsock.dll

<verified> Provider för e-postnamngivnings-shim C:\Windows\System32\NapiNSP.dll

<verified> Network Location Awareness 2 C:\Windows\System32\nlaapi.dll

<verified> PNRP-namnområdesprovider C:\Windows\System32\pnrpnsp.dll

<verified> LDAP RnR Provider DLL C:\Windows\System32\winrnr.dll

 

 

Missing files

-------------

File not found: NDSTray.exe

referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"NDSTray.exe"

 

File not found: TOSCDSPD.EXE

referenced in: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"TOSCDSPD"

 

File not found: http://adfarm.mediaplex.com/ad/ck/7206-44921-9400-2

referenced in: HKLM\Software\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA}\"Exec"

 

File not found: http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home

referenced in: HKLM\Software\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE}\"Exec"

 

 

Scan

----

 

No file uploaded.

 

Scan finished - communication took 1 sec

Total traffic - 0.05 MB sent, 3.12 KB recvd

Scanned 1134 files and modules - 159 seconds

 

 

Hi,

 

Help us help you.

 

Please read this article and follow the protocol.

http://spywareinfoforum.com/index.php?showtopic=23382

Then submit a fresh HijackThis log. One of our helpers will take care of you. It's the only way we can give you sound advice.

Edited by nasdaq
HijackThis log requested.


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

 

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

 

[this is an automated reply]


Hi,

 

As posted on your first post please read the FAQ and submit a fresh HijackThis log for my review.


Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
